Can this be done with pfSense?
Having heard lots of praise of pfSense over at the PBX in a Flash forums, I am wondering how easy the following setup would be with pfSense:
We want to keep "normal surfing" traffic completely separate from the VoIP traffic, so we have a separate 2MBps line just for VoIP, and the phones on a separate LAN. However, for administrative reasons one needs to get from the LAN to both the Asterisk box and the VoIP phones (but I don't want the Asterisk to do routing).
We would also like to implement at least two VPNs: one to go to the LAN (probably OpenVPN), and another one for external extensions to connect to the Asterisk (Probably PPTP).
Possible? Easy? Difficult? Impossible?
Everything you have mentioned is certainly doable. I have a similar setup except for the dual want. the perceived difficulty depends entirely on your skill, but it is by no means difficult for someone technically adept.
No problem, that's a common setup, lots of people like to keep their VoIP completely separated from other Internet traffic. It's a good way to go. It's an easy setup too, generally takes me about 30 minutes start to finish to configure that from scratch, and anyone who's comfortable with similar classes of firewalls should be able to do it within a couple hours tops the first time.